MCPcopy
hub / github.com/nats-io/nats.go / makeTLSConn

Method makeTLSConn

nats.go:2381–2424  ·  view source on GitHub ↗

makeTLSConn will wrap an existing Conn using TLS

()

Source from the content-addressed store, hash-verified

2379
2380// makeTLSConn will wrap an existing Conn using TLS
2381func (nc *Conn) makeTLSConn() error {
2382 if nc.Opts.CustomDialer != nil {
2383 // we do nothing when asked to skip the TLS wrapper
2384 sd, ok := nc.Opts.CustomDialer.(skipTLSDialer)
2385 if ok && sd.SkipTLSHandshake() {
2386 return nil
2387 }
2388 }
2389 // Allow the user to configure their own tls.Config structure.
2390 tlsCopy := &tls.Config{}
2391 if nc.Opts.TLSConfig != nil {
2392 tlsCopy = util.CloneTLSConfig(nc.Opts.TLSConfig)
2393 }
2394 if nc.Opts.TLSCertCB != nil {
2395 cert, err := nc.Opts.TLSCertCB()
2396 if err != nil {
2397 return err
2398 }
2399 tlsCopy.Certificates = []tls.Certificate{cert}
2400 }
2401 if nc.Opts.RootCAsCB != nil {
2402 rootCAs, err := nc.Opts.RootCAsCB()
2403 if err != nil {
2404 return err
2405 }
2406 tlsCopy.RootCAs = rootCAs
2407 }
2408 // If its blank we will override it with the current host
2409 if tlsCopy.ServerName == _EMPTY_ {
2410 if nc.current.tlsName != _EMPTY_ {
2411 tlsCopy.ServerName = nc.current.tlsName
2412 } else {
2413 h, _, _ := net.SplitHostPort(nc.current.URL.Host)
2414 tlsCopy.ServerName = h
2415 }
2416 }
2417 nc.conn = tls.Client(nc.conn, tlsCopy)
2418 conn := nc.conn.(*tls.Conn)
2419 if err := conn.Handshake(); err != nil {
2420 return fmt.Errorf("%w: %w", ErrTLS, err)
2421 }
2422 nc.bindToNewConn()
2423 return nil
2424}
2425
2426// TLSConnectionState retrieves the state of the TLS connection to the server
2427func (nc *Conn) TLSConnectionState() (tls.ConnectionState, error) {

Callers 3

wsInitHandshakeMethod · 0.95
processConnectInitMethod · 0.95
checkForSecureMethod · 0.95

Calls 4

bindToNewConnMethod · 0.95
CloneTLSConfigFunction · 0.92
ErrorfMethod · 0.80
SkipTLSHandshakeMethod · 0.65

Tested by

no test coverage detected